First The BEAST Threatened Us, But Now We Have Worse Things To Worry About
In Learning Tree’s Cloud Security Essentials course we have been discussing the BEAST attack. I wrote about it here last spring. Things have shifted recently, it’s time to update the discussion. TLS 1.0 and earlier SSL versions had a serious flaw that allowed an attacker to recover small fragments of cleartext, exposing authentication credentials. The […]
Why Must We Still Fear the BEAST, and What Can We Do?
Most Internet communications security is provided by the SSL/TLS series of protocols. There is an enormous problem with early versions of SSL/TLS. We have known about this problem since 2002, and a solution has been available since 2006. Sadly, we still need to worry about this. Here is a brief timeline: SSL v1 — Only […]